CVE-2021-40157

A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system...

CVE-2021-30746

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents...

Huan - Encrypted PE Loader Generator

Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently, it works on 64 bit PE files. How It Works? First, Huan...

Detecting Embedded Content in OOXML Documents

On Advanced Practices, we are always looking for new ways to find malicious activity and track adversaries over time. Today we’re sharing a technique we use to detect and cluster Microsoft Office documents—specifically those in the Office Open XML OOXML file format. Additionally, we’re releasing ...

[SECURITY] Fedora 33 Update: python2-pillow-6.2.2-6.fc33

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. This is a minimal compatibility package for https://pagure.io/fesco/issue/2266...

MAT File I/O Library 缓冲区错误漏洞

MAT File I/O Library matio is an open source, C language library for reading and writing binary MATLAB MAT files. A security vulnerability exists in MAT File I/O Library that stems from having a heap-based buffer overflow...

CVE-2021-35963

The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious script to execute RCE attacks...

Format string

The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious script to execute RCE attacks...

CVE-2021-35963 Learningdigital.com, Inc. Orca HCM - Unrestricted Upload of File with Dangerous Type

The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious script to execute RCE attacks...

Siemens Jt2go 和 Siemens Teamcenter Visualization 缓冲区错误漏洞

Siemens Jt2go is a JT file viewer.Siemens Teamcenter Visualization is a software that provides teamwork capabilities for designing 2D and 3D scenarios. An out-of-bounds write vulnerability exists in Siemens JT2Go versions prior to 13.2 and Teamcenter Visualization versions prior to 13.2. The...

Grok 缓冲区错误漏洞

Grok is a regular expression that uses a combination of multiple predefined . A tool used to match split text and map to keywords. Often used to preprocess log data. A security vulnerability exists in Grok versions 7.6.6 through 9.2.0 that stems from a heap-based buffer overflow in the...

CVE-2021-21871

A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. The vendor fixed it in a bug-release of the current versi...

CVE-2021-21871

A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. The vendor fixed it in a bug-release of the current versi...

CVE-2021-31499

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVE-2021-31490

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

Ubuntu 18.04 LTS / 20.04 LTS : ExifTool vulnerability (USN-4987-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4987-1 advisory. It was discovered that ExifTool did not properly sanitize user data for the DjVu file format. An attacker could use this vulnerability to cause a DoS ...

Drawings SDK 资源管理错误漏洞

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, USA. The SDK provides access to .dwg and .dgn data through a convenient, object-oriented API, a C++ API, support for repairing files, and support for . A post-release reuse...

Open Design Alliance Drawings SDK 缓冲区错误漏洞

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, USA. The SDK provides access to .dwg and .dgn data through a convenient, object-oriented API, a C++ API, support for repairing files, and support for . An out-of-bounds write...

SAP 3D Visual Enterprise Viewer 输入验证错误漏洞

SAP 3D Visual Enterprise Viewer is a free 3D visualization viewer for Windows. An input validation error vulnerability exists in SAP 3D Visual Enterprise Viewer 9, which can be exploited by an attacker to cause an application crash with the help of a specially crafted IFF file...

SAP 3D Visual Enterprise Viewer 输入验证错误漏洞

SAP 3D Visual Enterprise Viewer is a free 3D visualization viewer for Windows. SAP 3D Visual Enterprise Viewer 9 suffers from an input validation error vulnerability that can be exploited by an attacker to cause an application crash with the help of a specially crafted PCX file...